OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library and recently OpenSSL fixed six severe flaws.
OpenSSL Fixed Six Severe Flaws
[dropcap]On[/dropcap] Tuesday, May 3rd OpenSSL release six patches for the vulnerabilities in the OpenSSL, including two dangerous (CVE-2016-2108 and CVE-2016-2107). Hence, this flaws can lead to traffic being decrypted, denial-of-service attacks, and arbitrary code execution.
Vulnerability CVE-2016-2108 is an issue with the ASN.1 parser that triggers a buffer underflow and performs an out-of-bounds write if zero is represented as a negative value and affects the OpenSSL version, released before April the 2015, and consists of two in themselves insignificant errors, which together could pose a serious threat. Under certain conditions, an attacker can execute irrational code remotely. The second dangerous vulnerability (CVE-2016-2107) allows to carry out the attack “man in the middle” and decrypt the data.
However, there was an unrelated bug where the ASN.1 parser could misinterpret a large universal tag as a negative zero value. As the OpenSSL team wrote that “This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations”.
The flaw, CVE-2016-2105, and CVE-2016-2106 affects EVP_EncodeUpdate function. As reported in the security bulletin, the chances of the remotely execute code are very small. The vulnerability CVE-2016-2109 can cause the distribution of large amounts of memory, which will lead to over-consumption of resources or memory overflow. OpenSSL also fixed an oracle padding issue, where attackers could corrupt the plaintext padding around encrypted messages and decrypt traffic.
The final low-severity flaw CVE-2016-2176 is a vulnerability which allows you to call an overload X509_NAME_oneline() function using the EBCDIC systems, resulting in an attacker can get back some of the data. However, this amount of data is almost useless to the attacker.